Risk Management Plan Final
Risk Management Plan Final Submission
Ronald Horne
June 6, 2015
1 INTRODUCTION
1.1 PURPOSE OF THE RISK MANAGEMENT PLAN A risk is the probability of the loss of a valued resource. The impact of the loss could be in profitability, functionality and/or reputation. Threats are any circumstance or events that have the potential to harm the information technology system. Vulnerability refers to a weakness in the security system. Risk Management is the process of identifying, assessing, responding to, monitoring, and reporting risks, threats and vulnerabilities. This Risk Management Plan defines how risks associated with the Defense Logistics Information Service will be identified, analyzed, and managed. It outlines how risk management activities will be performed, recorded, and monitored for the DLIS providing templates and practices for recording and prioritizing risks. The Risk Management Plan is created by the project manager and is monitored and updated on a yearly basis. The intended audience of this document is the project team, project sponsor and management.
1.2 PURPOSE OF BUSINESS IMPACT ANALYSIS The business impact analysis (BIA) is an essential step in developing a business continuity plan (BCP). The BIA depends on taking information from the risk assessment and risk management plans and determining the critical business functions (CBFs). For each CBF, the maximum acceptable outage (MAO), the costs associated with the failure of the CBF and recovery requirements need to be stated. (Rouse, 2005)(Gibson, 2011) Since the information gathered in the previous reports on risk assessment and risk mitigation plans is central to the development of the BIA, they are also included so that the information can be further expanded upon.
1.3 PURPOSE OF BUSINESS CONTINUITY PLAN The Business Continuity Plan (BCP) is designed to prepare an organization to continue doing business when a disaster strikes. The BCP differs
Ronald Horne
June 6, 2015
1 INTRODUCTION
1.1 PURPOSE OF THE RISK MANAGEMENT PLAN A risk is the probability of the loss of a valued resource. The impact of the loss could be in profitability, functionality and/or reputation. Threats are any circumstance or events that have the potential to harm the information technology system. Vulnerability refers to a weakness in the security system. Risk Management is the process of identifying, assessing, responding to, monitoring, and reporting risks, threats and vulnerabilities. This Risk Management Plan defines how risks associated with the Defense Logistics Information Service will be identified, analyzed, and managed. It outlines how risk management activities will be performed, recorded, and monitored for the DLIS providing templates and practices for recording and prioritizing risks. The Risk Management Plan is created by the project manager and is monitored and updated on a yearly basis. The intended audience of this document is the project team, project sponsor and management.
1.2 PURPOSE OF BUSINESS IMPACT ANALYSIS The business impact analysis (BIA) is an essential step in developing a business continuity plan (BCP). The BIA depends on taking information from the risk assessment and risk management plans and determining the critical business functions (CBFs). For each CBF, the maximum acceptable outage (MAO), the costs associated with the failure of the CBF and recovery requirements need to be stated. (Rouse, 2005)(Gibson, 2011) Since the information gathered in the previous reports on risk assessment and risk mitigation plans is central to the development of the BIA, they are also included so that the information can be further expanded upon.
1.3 PURPOSE OF BUSINESS CONTINUITY PLAN The Business Continuity Plan (BCP) is designed to prepare an organization to continue doing business when a disaster strikes. The BCP differs